CVE-2021-43788 - Unspecified vulnerability in Nodebb
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: LOW
- Integrity impact: NONE
- Availability impact: NONE

Summary
NodeBB is open source, Node.js-based forum software. Prior to v1.18.5, a path traversal vulnerability allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.
References
- https://blog.sonarsource.com/nodebb-remote-code-execution-with-one-shot/
- https://github.com/NodeBB/NodeBB/commit/c8b2fc46dc698db687379106b3f01c71b80f495f
- https://github.com/NodeBB/NodeBB/releases/tag/v1.18.5
- https://github.com/NodeBB/NodeBB/security/advisories/GHSA-pfj7-2qfw-vwgm